Australian Digital Forensics Conference

Document Type

Conference Proceeding

Publisher

SRI Security Research Institute, Edith Cowan University, Perth, Western Australia

Abstract

Network forensics concerns the identification and preservation of evidence from an event that has occurred or is likely to occur. The scope of network forensics encompasses the networks, systems and devices associated with the physical and human networks. In this paper we are assessing the forensic potential of a router in investigations. A single router is taken as a case study and analysed to determine its forensic value from both static and live investigation perspectives. In the live investigation, tests using steps from two to seven routers were used to establish benchmark expectations for network variations. We find that the router has many attributes that make it a repository and a site for evidence collection. The implications of this research are for investigators and the inclusion of routers in network forensic investigations.

Comments

Originally published in the Proceedings of the 11th Australian Digital Forensics Conference. Held on the 2nd-4th December, 2013 at Edith Cowan University, Perth, Western Australia

Share

 
COinS
 

Link to publisher version (DOI)

10.4225/75/57b3c682fb86d